{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1bbe36fa-0355-5c07-96b7-6893c48c66d7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "6.0.23-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4222c1dc-0c4f-5355-b61f-1ac592015a4f", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c414b823-91ca-5478-a746-3a6b36b02b91", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ee74336-5bba-5558-910c-e4bec0a716d5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52e69fcf-9d13-5a99-8fec-71c258e8cbbc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91bbffe5-0cc6-57f0-b2c3-c27ca677d04f", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0189fae-ee26-5998-af62-df58e8d3bf0c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e34bdd1-0b50-5925-938b-70f5ef8a0621", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dcb940fa-5ca1-5e92-a185-a69d79464ab8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eda63f1a-d87f-58b7-a07c-709fe7bdeab5", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bc67426-e099-59ca-a318-cbfe0e7f5657", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd3098bf-866b-5b53-9556-1e1174010a0c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6251a1c5-615e-52ad-936b-a18dc1f5a2d0", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bab8d9a-947f-5f92-a0e8-227bf41ab8dd", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.0.23-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.3" } ] }